When they hit the headlines, ransomware attacks are now often very big news. Already this year, organizations across a huge range of sectors have been dealing with encrypted and lost data, downtime, PR disasters and the huge amount of work often required to recover systems and return to business as usual.
While incidents such as the one affecting Colonial Pipeline have dominated recent cybersecurity news, they are just a few of many, and looking further helps illustrate the true scale of the problem. The technology industry website Bleeping Computer, for instance, is one of the outlets that track ransomware attacks. Their ‘Week In Ransomware’ section makes for alarming reading, not just because of the huge number of incidents, but also because of the cost inflicted on victims.
What tends to get less emphasis in the coverage of ransomware generally, however, is the lingering impact of attacks as organisations struggle to recover their systems and data. For those organisations that listen to the experts and refuse to pay ransom demands, the road to normality can be long and expensive. The 2019 attack on aluminium producer Norsk Hydro cost the company tens of millions to fix, and was still impacting their systems and business months after the initial incident took place.
Even though the average ransomware attack is over more quickly, lasting around 16 days, few organisations can absorb that amount of disruption and cost. Even more painful, however, is the experience for those organisations that do decide to pay ransomware demands. As reported in Forbes in May this year, “even if a payment was forthcoming, new research reveals the shocking reality of ransomware today: 92% of organizations don’t get all their data back.”
Common to all these situations is the reactive stance organisations take to ransomware. Relying on antivirus and sandboxing technologies, for example, can be effective up to a point, but the problem is that nearly 70% of malware found embedded within files is of an unknown variant when it is received. In effect, these unknown variants are invisible to reactive cybersecurity technologies, creating a major gap in protection and a potentially catastrophic security blind spot.
With new malware variants appearing every few seconds, speed of identification is of the essence, but it can take days or even weeks for antivirus and sandboxing solutions to be updated so they can protect files and documents. Threat Intelligence research has uncovered numerous examples of malware and ransomware sitting undetected on network infrastructure for anything up to 30 days before reactive solutions are able to respond.
Instead, Content Disarm and Reconstruction (CDR) delivers proactive cybersecurity protection that doesn’t wait for detection. Glasswall’s CDR platform instantly cleans and rebuilds files and documents to match their ‘known good’ manufacturer’s standard, removing potential threats so organisations can trust every file. As Gartner explains, “CDR neutralises all potentially malicious content, without requiring multiple antivirus scanning or sandboxing.”